Oracle implements security by pulling the plug



  • Congratulations on planning to break pretty much every single useful applet in existence. A quick Google for "physics java applets" reveals that none of the applets on the first page are signed, and most of them exist on web pages that haven't seen a design update since the days of Netscape Navigator. Good luck on finding all the creators and making them sign their applets.



  • @Maciejasjmj said:

    applet



  • @Ronald said:

    @Maciejasjmj said:
    applet



  • Do you remember the Lake applet? Well lately I was bored and looked in the Live Wallpapers list on my nexus 4 and one of those is very similar to the Lake, except that I can create ripple by touching it. Good times!



  • Oracle seems to be on a roll of making bad security decisions. I just installed the latest Oracle Database 11g this morning and the self-signed certificate that Oracle Enterprise Manager generates has a key so short that IE9 and later refuse to accept it, even if you click the "continue anyways" link. The work around isn't that bad, but the way it fails is very hard to diagnose (it just does nothing when you click continue anyways). I'l bet fixing the issue would take less time than writing up the knowledge base article about how to work around it.



  • @Maciejasjmj said:

    Good luck on finding all the creators and making them sign their applets.

    Probably easier to use a web proxy that signs applets before passing them on to the client.



  • @Maciejasjmj said:

    Good luck on finding all the creators and making them sign their applets.
     

     Goodbye, Falstad. :'(



  • Isn't this a Google decision implemented in Chrome rather than an Oracle decision implemented in the Java plugin?



  • @pjt33 said:

    Isn't this a Google decision implemented in Chrome rather than an Oracle decision implemented in the Java plugin?
     

    The dialog is Java, if that's what you mean, and I get a similar warning in Firefox, though without the block announcement.



  • @Maciejasjmj said:

    Oracle Google implements security by pulling the plug.

    FTFY

    I think that is related to this.



  • @Sir Twist said:

    @Maciejasjmj said:

    Oracle Google implements security by pulling the plug.

    FTFY

    I think that is related to this.

    No, it's not. It appears on IE too. Stop blaming Google for everything or Ben L. will come and set you straight.



  • @Maciejasjmj said:

    @Ronald said:
    @Maciejasjmj said:
    applet

     

     



  •  @Maciejasjmj said:

    No, it's not. It appears on IE too. Stop blaming Google for everything or Ben L. will come and set you straight.

    I stand corrected, it’s all Oracle’s fault. Also it’s Oracle’s fault that the java updater has failed to notify me of the last 15 updates.



  •  So what if it's signed or not, if the sandbox is full of holes.

    Fuck Java.



  • @alegr said:

     So what if it's signed or not, if the sandbox is full of holes.

    Fuck Java.

    So that's what the holes are for.




  • Gives a whole new meaning to Patch Tuesday.


  • Trolleybus Mechanic

    @dhromed said:

    Gives a whole new meaning to Patch Tuesday.

     

    Or "Code Coverage"

     



  • @Lorne Kates said:

    @dhromed said:

    Gives a whole new meaning to Patch Tuesday.

     

    Or "Code Coverage"

     

    Are you telling me that instead of writing code with my keyboard I should be using my penis?


  • Considered Harmful

    @Ben L. said:

    @Lorne Kates said:

    @dhromed said:

    Gives a whole new meaning to Patch Tuesday.

     

    Or "Code Coverage"

     

    Are you telling me that instead of writing code with my keyboard I should be using my penis?
    Are those options mutually exclusive?



  • @joe.edwards said:

    @Ben L. said:
    @Lorne Kates said:

    @dhromed said:

    Gives a whole new meaning to Patch Tuesday.

     

    Or "Code Coverage"

     

    Are you telling me that instead of writing code with my keyboard I should be using my penis?
    Are those options mutually exclusive?
    Penis typing?

    OUR NEW LANGUAGE IS PENIS TYPED.

    IT TAKES THE BEST FEATURES OF STRONGLY-TYPED AND STRINGLY-TYPED LANGUAGES AND MASHES THEM TOGETHER TO MAKE A LANGUAGE THAT CANNOT HANDLE LOWERCASE ASCII LETTERS!



  • @Ben L. said:

    @joe.edwards said:
    @Ben L. said:
    @Lorne Kates said:

    @dhromed said:

    Gives a whole new meaning to Patch Tuesday.

     

    Or "Code Coverage"

     

    Are you telling me that instead of writing code with my keyboard I should be using my penis?
    Are those options mutually exclusive?
    Penis typing?

    OUR NEW LANGUAGE IS PENIS TYPED.

    IT TAKES THE BEST FEATURES OF STRONGLY-TYPED AND STRINGLY-TYPED LANGUAGES AND MASHES THEM TOGETHER TO MAKE A LANGUAGE THAT CANNOT HANDLE LOWERCASE ASCII LETTERS!

    LET'S ALL PLUG IN OUR DONGLES AND PROGRAM IN FAP


  • ♿ (Parody)

    @flabdablet said:

    LET'S ALL PLUG IN OUR DONGLES AND PROGRAM IN FAP

    Right or wrong, I'd fork that.



  • @flabdablet said:

    LET'S ALL PLUG IN OUR DONGLES AND PROGRAM IN FAP

     

    Same Dspace?

     



  • @Ben L. said:

    OUR NEW LANGUAGE IS PENIS TYPED.

    IT TAKES THE BEST FEATURES OF STRONGLY-TYPED AND STRINGLY-TYPED LANGUAGES AND MASHES THEM TOGETHER TO MAKE A LANGUAGE THAT CANNOT HANDLE LOWERCASE ASCII LETTERS!

    aka AOL-TYPED

     



  • When I read the title of the post I was hoping that Oracle was going to finally cave in and wipe java from the face of the earth.

    This, however, is a good start.



  • @Ben L. said:

    Are you telling me that instead of writing code with my keyboard I should be using my penis?
    A secretary walks into her boss' office and asks, "Can I use your Dictaphone?" Slightly annoyed, her boss replies, "No! Use your finger like everyone else!"



  • Java -- write once, run nowhere.

    We are stuck with Oracle Java 1.6 anyways because one app we use, written in Oracle Forms as an applet, does not work with Oracle Java 1.7. (OK, maybe it's messed up by developers of that app, but still...)



  • @mol1111 said:

    Java -- write once, run nowhere.

    We are stuck with Oracle Java 1.6 anyways because one app we use, written in Oracle Forms as an applet, does not work with Oracle Java 1.7. (OK, maybe it's messed up by developers of that app, but still...)

    But still . . .  . . . what?

    I think blaming Oracle may be be just a little bit stupid. Yes, it's possible that Oracle did something to break backwards compatability.  I'm not saying that never happens. Apple is famous for it. But if you are "stuck" on Java 1.6 because your app won't run on Java 1.7, then there's a really good chance that the developer is a retarded fuckwad. I hate Oracle as much as the next guy, but developer incompetence is not their fault.

     


  • Considered Harmful

    @El_Heffe said:

    But if you are "stuck" on Java 1.6 because your app won't run on Java 1.7, then there's a really good chance that the developer is a retarded fuckwad.

    What's more fun is when a large corporation gets "stuck" on a Java (or IE, or Windows...) version because one or two mission-critical apps were written by shitty long-gone developers, and it holds back all the other non-shit application development.



  • @joe.edwards said:

    What's more fun is when a large corporation gets "stuck" on a Java (or IE, or Windows...) version because one or two mission-critical apps were written by shitty long-gone developers, and it holds back all the other non-shit application development.

    I once worked at a place that still had an application that required the Microsoft JVM. In 2007.


  • Trolleybus Mechanic

    @Ben L. said:

    OUR NEW LANGUAGE IS PENIS TYPED.
     

    public static class SausageFactory
    {

        public static Penis GetPenis() { return new Penis(); }

    }



  • @Lorne Kates said:

    @Ben L. said:

    OUR NEW LANGUAGE IS PENIS TYPED.
     

    public static class SausageFactory
    {

        public static Penis GetPenis() { return new Penis(); }

    }

    Are factories just enterprisey constructors?



  • @Ronald said:

    I can create ripple by touching it
    What... like your mom?

    @alegr said:

    So what if it's signed or not, if the sandbox is full of holes.
    Oh! I get it now! It's not a sandbox - it's a sieve!


  • Trolleybus Mechanic

    @Ben L. said:

    Are factories just enterprisey constructors?
     

    Guess how you get a new Factory?


  • Considered Harmful

    @Lorne Kates said:

    @Ben L. said:

    Are factories just enterprisey constructors?
     

    Guess how you get a new Factory?


    That's easy but how do I get a FactoryFactory?



  • @joe.edwards said:

    @Lorne Kates said:
    @Ben L. said:
    Are factories just enterprisey constructors?
    Guess how you get a new Factory?
    That's easy but how do I get a FactoryFactory?
    By calling FactoryFactoryFactory.getInstance(), of course. Sheesh!

     



  • @joe.edwards said:

    @Lorne Kates said:

    @Ben L. said:

    Are factories just enterprisey constructors?
     

    Guess how you get a new Factory?


    That's easy but how do I get a FactoryFactory?

    MetaMetaBlakeyrantFactoryFactoryFactory.GetMetaBlakeyrantFactoryFactoryFactory().GetBlakeyrantFactoryFactory().GetBlakeyrantFactory().GetBlakeyrant()

    Bonus points to anyone who can make code like this with non-trivial code for each function.


  • Discourse touched me in a no-no place

    @Ben L. said:

    Bonus points to anyone who can make code like this with non-trivial code for each function.
    Bonus sanity would be more useful. Way, way more useful.


  • Discourse touched me in a no-no place

    @Vanders said:

    @joe.edwards said:
    What's more fun is when a large corporation gets "stuck" on a Java (or IE, or Windows...) version because one or two mission-critical apps were written by shitty long-gone developers, and it holds back all the other non-shit application development.

    I once worked at a place that still had an application that required the Microsoft JVM. In 2007.

    Got ya beat--I've seen an app this year that requires it. Admittedly it's very old version of the product, and the customers are trying to update.



  • @FrostCat said:

    @Vanders said:
    @joe.edwards said:
    What's more fun is when a large corporation gets "stuck" on a Java (or IE, or Windows...) version because one or two mission-critical apps were written by shitty long-gone developers, and it holds back all the other non-shit application development.

    I once worked at a place that still had an application that required the Microsoft JVM. In 2007.

    Got ya beat--I've seen an app this year that requires it. Admittedly it's very old version of the product, and the customers are trying to update.

    Sometimes the lock-in is not the JVM it's the libraries that come with an Enterprise Solution, like Weblogic or Websphere. You can switch the operating system but not the app server... or the app. Very convenient.


  • Discourse touched me in a no-no place

    @Ronald said:

    it's the libraries that come with an Enterprise Solution, like Weblogic or Websphere
    Why do you have to keep on bringing up those memories? (At least one of them is based on a bastardized son of Apache Axis 1, if my probing of the failure modes is accurate. Axis has some… quirks… that make migrating to anything else hard, and yet which ought to make you want to do so ASAP. Axis 2 isn't better, but it does come with a wholly different set of ways to go wrong. Nobody sane uses either.)



  • @dkf said:

    @Ronald said:
    it's the libraries that come with an Enterprise Solution, like Weblogic or Websphere
    Why do you have to keep on bringing up those memories?

    Yet in order to avoid hurting people too badly, I did not mention:

    which had a strangely familiar design for the logo:


Log in to reply